Neil Costigan, CEO, BehavioSec
When we think about innovative industries, traditional financial institutions may not be front of mind. Instead the industry has developed a public reputation for stability and consistency. Yet many banks have been showing a different attitude when it comes to security. For example, Halifax has been experimenting with a new technology that gives us access to their banking app using our heartbeat.
Banks have long felt the pressure to ensure their security measures are up to standard, and with news that online bank fraud is the UK’s fastest growing area of crime – doubling from £60m in 2014 to an expected total beyond £130m this year- it is no surprise that banks feel they need to be ahead of the game when securing their customers transactions. The security industry has picked up on this need, with many banks being overwhelmed with choice and decisions on what solution to invest in.
Here are some steps security teams can make to ensure they make the correct decisions:
- Find the balance. There is now the expectation that financial institutions will provide an anytime, anywhere service and they consequently face the challenge of ensuring their security options fit this flexible model. Many security professionals will try and introduce supplementary security hardware to combat any potential risks that their customers may encounter, but this may result in a bank frustrating its customers. The challenge is forfinancial institutions to strike a balance between use of ease and security. How can banks do this? Behavioural biometrics can provide an answer to this issue, as unlike hardware such as card readers it sits in the background of the technology device and it doesn’t request for the user to go through the steps of an extra authentication process. Behavioural biometrics is able to assess behaviour, such as the pressure at which we type or the angle we hold a device, while enabling the user to continue interacting with their device without interruption.
- Build on existing foundations. Whilefinancial institutions are relatively open to new security strategies, they are not introducing new innovations on a whim. Instead banks aim to introduce new technologies that can fit in their current model without impacting company activity. It is a risk to assume that only one security measure can be the solution to all problems. Introducing a layered approach to the security strategy and adopting new technologies alongside existing solutions, will prevent financial institutions from just relying on any single control for authorising transactions. By avoiding an “either or” approach and building upon existing foundations, banks are preventing the need to undergo an entire IT overhaul every time the bank introduces a new security solution.
- Tailor the approach. Adopting several security layers opens up the opportunity for security professionals to embrace niche specialist security providers, rather than only selecting one solution that provides a blanket approach to security. A flexible strategy allows security professionals to decide what solution suits their business needs and take a forward thinking stance to solve the issues they are facing.
- Retain responsibility. Financial institutions have to ensure that the responsibility for their customer data still lies in their hands. The security provider can act as an external jury, who analyses the behaviour and highlights any warning signs, but the all-important final decision is still with the bank. The bank will need to judge whether the user can be granted access based on what the security provider shares with them, so it is essential that security professionals select a provider that can deliver a strong and reliable insight.
Consumers are now expecting theirfinancial institutions to ensure they don’t join the list of potential targets. Security is not a competitive advantage; it is simply an essential part of an efficient service. A security measure may not make a bank stand out from the crowd, but the failure to do so can result in a bank losing customers. The growing threat of security breaches haven’t encouraged consumers to take a more proactive approach to security, instead they are simply placing more pressure on their banks to make the correct decisions to protect them.
Decision makers need to develop their own checklist of security measures that are adapted to their bank’s requirements. Only when security professionals are clear on the essential elements of their strategy can they make informed decisions on the best security measures for them. A consumer may not place innovative security as their key criteria when choosing a bank, but a bank needs to concentrate on usability and consistent client satisfaction and protection to guarantee customer loyalty.